<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial"><small>Hi,<br>
<br>
You can't directly write two networks with comma or space separated.<br>
You can achieve this by having multiple tunnels. Configuration goes
like...<br>
<br>
conn remotenetwork1<br>
rightsubnet=172.22.0.0/16<br>
leftsubnet=192.168.24.0/24<br>
auto=add<br>
also=baseconfig<br>
<br>
conn remotenetwork2<br>
rightsubnet=172.21.0.0/16<br>
leftsubnet=192.168.24.0/24<br>
auto=add<br>
also=baseconfig</small><br>
</font>
<pre wrap=""><small><small><font face="Arial" size="+1"><small><small>conn baseconfig
        authby=secret
esp=3des-sha1-96
right=abc.def.ghi.ijk
rightrsasigkey=%none
leftnexthop=www.xxx.yyy.zzc
left=www.xxx.yyy.zzz
leftrsasigkey=%none
leftcert=
pfs=no
type=tunnel
keylife=
ikelifetime=</small></small></font></small></small></pre>
<font face="Arial"><br>
<small>Regards,<br>
Utkarsh Shah</small><br>
</font><br>
<blockquote cite="midmailman.3.1179417604.18234.users@openswan.org"
type="cite">
<pre wrap="">
Hello,
I'm succesfully running a site to site tunnel. While the LAN on our side
of the tunnel is pretty small (just a /26 network), the LAN on the other
side is much bigger (currently a /16 network). The gateway on the other
side is a Checkpoint FW-1, while we use OpenSwan.
currently the other side uses 172.22.0.0/16.
Config looks like this:
---8<---
conn exampleconfig
authby=secret
esp=3des-sha1-96
right=abc.def.ghi.ijk
rightsubnet=172.22.0.0/16
rightrsasigkey=%none
leftnexthop=www.xxx.yyy.zzc
left=www.xxx.yyy.zzz
leftsubnet=192.168.24.64/24
leftrsasigkey=%none
leftcert=
pfs=no
auto=add
type=tunnel
keylife=
ikelifetime=
---8<---
Unfortunately it is now required that some machines on the other side
need to use the tunnel too, that use IP addresses from the range
172.21.0.0/16.
I could of course use 172.20.0.0/14 for rightsubnet, which covers
everyting from 172.20.0.0 to 172.23.255.255 or try to add
172.21..0.0/16.
Is it possible list more than one network for rightsubnet like the
following example?
---8<---
conn exampleconfig
authby=secret
esp=3des-sha1-96
right=abc.def.ghi.ijk
rightsubnet=172.21.0.0/16 172.22.0.0/16
rightrsasigkey=%none
leftnexthop=www.xxx.yyy.zzc
left=www.xxx.yyy.zzz
leftsubnet=192.168.24.64/24
leftrsasigkey=%none
leftcert=
pfs=no
auto=add
type=tunnel
keylife=
ikelifetime=
---8<---
If yes, what is correct syntax when listing more than one network, how
to separate the entries (space, comma ...)?
Thanks, best wishes
Wolfgang
</pre>
</blockquote>
</body>
</html>